jpegtran -drop: Ensure all quant tables defined

It is possible to craft a malformed JPEG image in which all of the scans contain fewer components than the number of components specified in the Start Of Frame (SOF) segment. Attempting to use such an image as either an input image or a drop image with 'jpegtran -drop' caused a NULL dereference and subsequent segfault in transupp.c:adjust_quant(), so this commit adds appropriate checks to guard against that. Since the issue involved an interface that is only exposed on the jpegtran command line, it did not represent a security risk. 'jpegtran -drop' could not ever be used successfully with images such as the ones described above. This commit simply makes jpegtran fail gracefully rather than crash. Fixes #758
2024-05-02 14:07:45 -04:00
parent 2dfe6c0fe9
commit 6a522fcda4
2 changed files with 10 additions and 1 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -16,6 +16,11 @@ in the C compiler.
 calling applications to supply custom Huffman tables when generating
 12-bit-per-component lossy JPEG images using the libjpeg API.

+4. Fixed a segfault that occurred when attempting to use the jpegtran `-drop`
+option with a specially-crafted malformed input image or drop image
+(specifically an image in which all of the scans contain fewer components than
+the number of components specified in the Start Of Frame segment.)
+

 3.0.2
 =====